Lucene search
K

172 matches found

Cvelist
Cvelist
added 2022/05/17 2:6 p.m.31 views

CVE-2022-30947

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

7.7AI score0.01191EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2022/05/17 2:6 p.m.62 views

CVE-2022-30947

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

7.5CVSS3.4AI score0.01191EPSS
Exploits0References2
OSV
OSV
added 2022/05/17 12:33 a.m.2 views

GHSA-RF5Q-8GX3-XQFC Cross-Site Request Forgery in Jenkins Git Plugin

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...

7.5CVSS6.8AI score0.00769EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 12:33 a.m.32 views

Cross-Site Request Forgery in Jenkins Git Plugin

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...

7.5CVSS2.1AI score0.00769EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.6 views

PT-2022-20401 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.1 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enables...

7.5CVSS7.1AI score0.01191EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.6 views

Jenkins Git Plugin 信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

7.5CVSS7.3AI score0.01191EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/14 3:13 a.m.4 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2018-1000182 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.0)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2018-1000182 Source advisory: OSV:GHSA-53WF-VQF9-CGF2...

6.4CVSS6.7AI score0.00809EPSS
Exploits0
OSV
OSV
added 2022/05/14 3:13 a.m.39 views

GHSA-53WF-VQF9-CGF2 Server-Side Request Forgery in Jenkins Git Plugin

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

6.4CVSS5.9AI score0.00809EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/14 3:13 a.m.23 views

Server-Side Request Forgery in Jenkins Git Plugin

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

6.4CVSS4.9AI score0.00809EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 1:6 a.m.29 views

GHSA-R8RW-XX57-M64Q Cross-Site Request Forgery in Jenkins Git Plugin

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record...

4.3CVSS6.7AI score0.01145EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/05/14 1:6 a.m.5 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +91 more potentially affected by CVE-2019-1003010 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.9.1)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2019-1003010 Source advisory: OSV:GHSA-R8RW-XX57-M64Q...

4.3CVSS6.5AI score0.01145EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/14 1:6 a.m.22 views

Cross-Site Request Forgery in Jenkins Git Plugin

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record...

4.3CVSS4.9AI score0.01145EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:48 a.m.4 views

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +90 more potentially affected by CVE-2018-1000110 via org.jenkins-ci.plugins:git (>=1.2.0 <=3.6.0)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2018-1000110 Source advisory: OSV:GHSA-46P2-FWQG-3H6M...

5.3CVSS6.4AI score0.03988EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.30 views

Incorrect Authorization in Jenkins Git Plugin

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...

5.3CVSS5.5AI score0.03988EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2022/05/13 1:48 a.m.21 views

GHSA-46P2-FWQG-3H6M Incorrect Authorization in Jenkins Git Plugin

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...

5.3CVSS5.3AI score0.03988EPSS
Exploits2References4
Veracode
Veracode
added 2022/03/27 12:41 a.m.21 views

Cross-site Scripting (XSS)

jenkins Git Plugin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause...

6.1CVSS2.2AI score0.01197EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2022/03/10 2:59 p.m.2 views

jenkins-2-plugins/git: stored XSS vulnerability

A stored cross-site scripting XSS vulnerability was found in the Jenkins Git plugin. Due to not escaping the Git SHA-1 checksum parameters provided to commit notifications, an attacker is able to submit crafted commit notifications to the /git/notifyCommit endpoint...

6.1CVSS6.9AI score0.01197EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/11/19 12:0 a.m.26 views

Jenkins Git Plugin < 4.8.3 XSS

According to its its self-reported version number, the version of the Jenkins Git Plugin running on the remote web server is prior to 4.8.3. It is, therefore, affected by a cross-site scripting vulnerability due to it not escaping the Git SHA-1 checksum parameters provided to commit notifications...

6.1CVSS6.3AI score0.01197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/10/07 8:4 p.m.50 views

CVE-2021-21684

A stored cross-site scripting XSS vulnerability was found in the Jenkins Git plugin. Due to not escaping the Git SHA-1 checksum parameters provided to commit notifications, an attacker is able to submit crafted commit notifications to the /git/notifyCommit endpoint...

6.1CVSS2.5AI score0.01197EPSS
Exploits0References4
NVD
NVD
added 2021/10/06 11:15 p.m.12 views

CVE-2021-21684

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...

6.1CVSS0.01197EPSS
Exploits0References2
Rows per page
Query Builder